Jypo is a ransomware threat that operates by encrypting the data of its victims, preventing them from accessing it. To make the encrypted files easier to identify, Jypo renames them by adding its own extension ('.jypo') to their filenames. Additionally, it drops a ransom note named '_readme.txt' on the victim's computer, detailing the demands of the threat actors and providing instructions on how victims can pay a ransom in exchange for a decryption key.
Analysis of the Jypo Ransomware has confirmed that the threat is part of the infamous STOP/Djvu ransomware family. This means that there is a high chance that additional malware threats may have been deployed to the breached device alongside it. Indeed, the STOP/Djvu operators have been observed to also drop infostealer threats such as RedLine and Vidar.
Victims of the Jypo Ransomware will Lose Access to Their Data
When Jypo infects a computer and encrypts the victim's data, it drops a ransom note titled '_readme.txt' on the desktop. This note provides instructions to the victim on how to communicate with the threat actors responsible for the attack. The note states that the victim must send an email to either 'email@example.com' or 'firstname.lastname@example.org' to receive information on how to purchase the decryption tools.
The ransom note also warns the victim that if they do not pay within 72 hours, the cost of the decryption tools, which include a unique decryption key and decryption software, will increase from $490 to $980. Additionally, the note mentions that victims are allowed to send one encrypted file to the attackers for free decryption. However, the file must be less than 1 MB in size and should not contain important information.
It is important to note that Jypo, like other types of ransomware, uses encryption algorithms that are difficult or impossible to crack without purchasing the required decryption tools. This often leaves victims with no other option but to pay the ransom, especially if they do not have a backup of their data or access to a third-party decryption tool. However, it is not advisable to pay the ransom, as victims can never know whether the attackers will provide the necessary decryption tools even after payment.
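The two artifacts described above, the '.jypo' extension and the '_readme.txt' note, can be used to scope which folders on a disk were affected. The following is an added example, not code from the original article; the function names and the sample folder tree are constructed for illustration, and the matched phrases are taken from the ransom note text quoted on this page.

```python
import os
import tempfile

# Indicators taken from the article: the appended extension and the note name.
ENCRYPTED_EXT = ".jypo"
NOTE_NAME = "_readme.txt"
# Phrases quoted from the ransom note on this page (matched case-insensitively).
NOTE_PHRASES = ("you can return all your files", "your personal id")

def is_ransom_note(path):
    """True if the file is named like the note and contains a known phrase."""
    if os.path.basename(path).lower() != NOTE_NAME:
        return False
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            text = fh.read(65536).lower()
    except OSError:
        return False  # unreadable file: cannot confirm, do not flag
    return any(p in text for p in NOTE_PHRASES)

def scan(root):
    """Return {directory: {"encrypted": [...], "note": bool}} for affected dirs."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        encrypted = sorted(f for f in files if f.lower().endswith(ENCRYPTED_EXT))
        note = any(is_ransom_note(os.path.join(dirpath, f)) for f in files)
        if encrypted or note:
            findings[dirpath] = {"encrypted": encrypted, "note": note}
    return findings

def build_sample_tree(root):
    """Constructed sample data: one affected folder and one clean folder."""
    hit = os.path.join(root, "Documents")
    clean = os.path.join(root, "Music")
    os.makedirs(hit)
    os.makedirs(clean)
    for name in ("report.docx.jypo", "photo.jpg.jypo"):
        open(os.path.join(hit, name), "wb").close()
    with open(os.path.join(hit, NOTE_NAME), "w", encoding="utf-8") as fh:
        fh.write("Don't worry, you can return all your files!\nYour personal ID:\n")
    # A benign file that merely shares the note's name must not be flagged.
    with open(os.path.join(clean, NOTE_NAME), "w", encoding="utf-8") as fh:
        fh.write("Album notes\n")
    return hit, clean

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for d, info in scan(tmp).items():
            print(d, len(info["encrypted"]), "encrypted, note:", info["note"])
```

Running the scan against a mounted copy of the affected disk, rather than the live system, keeps the evidence unchanged while the list of affected folders is compared against available backups.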
Users Should Protect Their Devices and Data from Ransomware Attacks
To protect their devices and data from ransomware attacks, users must adopt a comprehensive approach that includes a combination of technical, organizational, and behavioral measures. This includes regularly updating their operating system, applications, and security software to the latest versions to patch any security vulnerabilities. Additionally, users should avoid downloading attachments or clicking on links from unknown sources and refrain from opening suspicious emails or messages.
Having a robust backup strategy is also essential in protecting against ransomware attacks. Users must ensure that they regularly back up their important data to an external storage device or cloud-based service and regularly test the backups to ensure they are working correctly. This ensures that they can recover their data in the event of a ransomware attack without having to pay the ransom.
Finally, it is essential to stay informed about the latest threats and security best practices. Users should regularly educate themselves on how to recognize and avoid phishing attacks, suspicious websites, and other social engineering schemes used by cybercriminals to spread ransomware. By adopting these measures, users can decrease the risk of falling victim to a ransomware attack significantly and protect their devices and data.
The whole text of the ransom note dropped by Jypo Ransomware is:
Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.
To get this software you need write on our e-mail:
Reserve e-mail address to contact us:
Your personal ID: